SOUTH CAROLINA DEPARTMENT OF MENTAL HEALTH
Department of Information Resource Management
Network Services
|
|
LAN/WAN STANDARDS
SOUTH CAROLINA DEPARTMENT OF MENTAL HEALTH
Department of Information Resource Management
Network Services
|
|
LAN/WAN STANDARDS
Table of Contents
Section 1
Department of Information Resource Management Policies
Equipment Requisition Policies 3
Software Requisition Policies 3
Maintenance & Service Agreements - Workstations 3
Maintenance & Service Agreements - LAN File Servers 3
Maintenance & Service Agreements - Software Support 3
Network Security Standards 3
Internet Access & Support Policies 4
Network Services Policies and Procedures
Overview of Wide Area Network Implementation 4
File Server Standards 4
Hardware Standards 4
Software Standards 4
Network Installation Standards 4
Disaster Prevention/Recovery Policy 5
Function of the Response Line 6
Work Order Procedures 7
Software, Supported
Category 1 8
Category 2 9
IRM Support Policy
Responsibilities of the IRM Network Services Staff 10
Responsibilities of the Local LAN Administrators 11
File Server Backup Responsibilities 12
Minimum Training Standards for System Administrator 13
Recommended Additional Training for LAN Administrators 13
Network Services Forms Policy
Forms Policy 14
User Authorization Form 15
Department ID Form 16
DP65 Form 17
Shared Directory Authorization Form 18
Network Security Request form 19
Section 2
Network Services Installations
Server Installations
Microsoft Office XP (2002) 1.1
Microsoft Office XP (2002) Updates 2.1
Hummingbird for Windows 95 3.1
Hummingbird for Windows 2000 4.1
ZenWorks 3.0 5.3
Informix and Scheduler 6.1
WorkStation Installations
Microsoft Office XP (2002) 7.1
Hummingbird for Windows 95 8.1
Hummingbird for Windows 2000 9.1
Y2K Updates 10.1
Norton Symantec 11.1
Appendix A-N
Section 3
Server Configurations across the state
This section is an alphabetical list of servers’ state wide and their configurations. It shows the pertinent items needed to maintain stability for the loaded software.
Department of Information Resource Management Policiestc \l1 "Department of Information Resource Management Policies
1. Equipment Requisition Policiestc \l2 "Equipment Requisition Policies
No Equipment other than the equipment on the Approved IRM equipment list will be purchased unless previously authorized by IRM.
2. Software Requisition Policiestc \l2 "Software Requisition Policies
No Software other than the software on the Approved IRM software list will be purchased unless previously authorized by IRM.
3. Maintenance & Service Agreements - Workstationstc \l2 "Maintenance & Service Agreements - Workstations
Compaq workstations bought on State Contract have a one year on-site parts and labor warranty. They have an additional two year warranty on labor for off-site work.
4. Maintenance & Service Agreements - LAN File Serverstc \l2 "Maintenance & Service Agreements - LAN File Servers
It is highly recommended that each Local Area Network File Server have on-site maintenance for hardware. Compaq has a three year on-site warranty on parts and labor. Maintenance can be extended Vendor coverage from the hardware vendor or coverage under the Generic PC contract as per Procurement Policy.
5. Maintenance & Service Agreements - Software Supporttc \l2 "Maintenance & Service Agreements - Software Support
Network Services supports the Network Operating systems for Novell and Microsoft NT. Application software support includes Corel Office 8, Hummingbird, Registrar, ArcServe, GroupWise and.
6. Network Security Standardstc \l2 "Network Security Standards
The following is a minimal statement regarding the Security standards for the electronic access to the Departments File Servers. The basic Security mechanism is User Code /Password protection. The User Id’s adopted are the Department Standard User Id’s. The Passwords will be at least 5 Characters long. They are required to be Unique and will be changed at least every 90 days. It is discouraged by IRM from using pets names, Children’s names, spouse’s names etc as these passwords schemes are very easily broken. Generic user Id’s are not to be used. Distributing passwords among co-workers is against policy. It is also against policy for anyone (including supervisors) to have access to other users’ home directories. If two or more people need access to the same files a shared directory can be setup for that purpose. Furthermore, no sever shall have a modem connected to it regardless of the reason. If PC Anywhere (or similar product) needs to establish connections to the network it shall be done through a PC. PC Anywhere will not be left in host mode while the PC is unattended. After the connection is broken the modem line will be disconnected from the PC to ensure unauthorized connections cannot be established.
7. Internet Access & Support Policies
Internet Access is viatc \l2 "Internet Access & Support PoliciesInternet Access is via Internet Explorer on the workstation. Each person who connects to the Internet must sign a statement agreeing to Mental Health standards.
Network Services Policies and Procedurestc \l1 "Network Services Policies and Procedures
1. Overview of Wide Area Network Implementationtc \l2 "Overview of Wide Area Network Implementation
Each Center/Facility on the SCDMH Network will have a communication line (Frame Relay or ISDN) back to the Central Office building on Bull St. in Columbia. Each Center that has a remote access computer will have a communications line installed back to their center. Network Services will maintain all Servers, Router, and Switches on the network.
2. File Server Standardstc \l2 "2. File Server Standards
All purchases of File Servers are to be approved by the Director of Network Services. They are to be Compaq Pentium II/III class servers. As models change an updated list of approved models will be disseminated to each center and facility. This information will be post on the Network Services web page.
3. Hardware Standardstc \l2 "Hardware Standards
All purchases of Hardware, Workstations, switches, routers etc… are to be approved by the Director of Network Services. A list of approved equipment and updates to the list are provided to each center and facility.
4. Software Standardstc \l2 "4. Software Standards
All software on servers will be controlled through Network Services. Any software loaded on a workstation without being on the approved software list will not be supported. This will also be posted on the Network Services web page.
5. Network Installation Standardstc \l2 "Network Installation Standards
Network Services will install all network hardware and software. Network equipment and software have to be properly configured in order to run on the network. Installations that do not meet the safety and security of network standards will NOT be installed.
Disaster Prevention/Recovery Policytc \l2 "Disaster Prevention/Recovery Policy
Disaster Prevention/Recovery incorporates Hardware Maintenance, Server Security, Site Security as well as Backup and offsite storage procedures. The following is a basic statement of the Agencies Prevention policies.
A Hardware Maintenance agreement for each File Server and any other Central equipment such as Routers, Switches or Concentrators is suggested. Minimum coverage would be each File Server and Router. File Servers, Routers, Switches or Concentrators should be on a UPS (Uninterrupted Power Supply) to protect the equipment from power damage.
Backups are to be done daily on each File Server. Backups are to be rotated off site. Rotations can be set up with a Sister CMHC or Facility. Daily rotation is the preferred standard with a required weekly minimum. See page “Responsibilities of the Local LAN Administrator for a more complete write up on Backups.
Server Security and Site Security cover some of the same areas of concern. Each Server is password protected and is required to remain password locked at all times except when being accessed for maintenance. Supervisor passwords will be limited to authorized personnel only. Site Security is limiting physical access, power protection (UPS), Environment control, Heating & Air conditioning as well as any other environment influences that would damage the Equipment.
Restoration to the Server is to be coordinated with Network Services prior to any restoration.
Function of the Response Line
The primary purpose of the Response Line is to provide WorkOrder placement and documentation for maintenance calls. An additional function is to provide technical support and assistance to the System Administrators as well as the end users on the SCDMH Network. The Response Line Operators utilize an Automated WorkOrder system to ensure continuity of support. This support service covers those software and hardware products listed in the Software and Hardware Standards Section of this manual.
The Response Line can be reached at 803-935-5550 or 1-888-802-5219. Every User or System Administrator should use the Response Line to place a WorkOrder. A call can then be placed to the appropriate person to correct any malfunction.
Work Order Procedures
All calls are placed to 803-935-5550 or 1-888-802-5219.
Caller needs to identify:
User ID
Facility Name
Phone Number
Decal # of Equipment
Situation / Malfunction for the call
1. Caller will be issued a Work Order Number.
2. Call back response will be made within 4 hours of receiving a call to inform the caller of the work order disposition.
3. If it is necessary to escalate the work order to the support staff in Network Services, the assigned support staff will contact the user within 24 hours.
4. Work Orders should be resolved and closed within 3 work days. Those work orders not resolved within 3 days will be given a higher priority than normal incoming calls and tracked until completed.
5. A list of these work orders will be maintained for management.
6. Each work order will be documented indicating each call back action until completed.
Software, Supportedtc \l1 "Software, Supported
The DMH Network Services Unit has certified numerous software products for use on DMH LAN/WANs. These products fall into two categories and are listed below:
Category 1tc \l2 "Category 1 - These products are approved for use on DMH LANs. In addition, these products are fully supported by Network Services. Assistance will be provided by Network Services staff to LAN Administrators who encounter problems related to these products.
PRODUCT DESCRIPTION
ArcServe Tape Backup software
Norton Symantec Antivirus software
Unix Print Services Remote Print Software
GroupWise E-mail (used in Windows environment)
Hummingbird Mainframe access software
Hummingbird Unix (CIS) access software
TCP/IP TCP/IP stack for Windows 95
Zen Works Systems Management software
Netware Novell O/S
Microsoft Windows 2000 Microsoft Network O/S
Microsoft Office XP (2002) Application software (Word, Excel, PowerPoint, and Access)
Registrar/Pathlore Training Database Management
In the case of Applications software, Network Services staff will provide assistance only for problems that are technically related. System Administrators and end users are expected to attend training classes in order to master the features and capabilities of this software.
Category 2tc \l2 "Category 2 - These products are approved for use on DMH LANs. However, these products are not fully supported by Network Services. System Administrators should not expect the Network Services staff to be able to answer questions regarding the features and capabilities of this software. The DMH Training Facility offers classes on these products.
PRODUCT DESCRIPTION
Excel Spreadsheet software
Access Database software
Word Word processing software
PowerPoint Slide show software
Internet Explorer Internet Browser
MS Projects Management software
Registrar/Pathlore Training Database Management
Groupwise E-mail System
The following products are approved for use on the DMH LANs however; they are not support by Network Services.
PRODUCT
I/Q
Medicus
Resq
Path Links /MDS
InfoSpan
Starting Line
Dictaphone
Maximo
MedRec
QS1
Pen Billing
Medical Manager
Lotus 1-2-3
Responsibilities of the IRM Network Services Stafftc \l2 "Responsibilities of the IRM Network Services Staff
Network Services staff will be responsible for the following:
1 Installation and configuration of all Novell and Microsoft NT servers in the Department. Local LAN administrators are prohibited from undertaking this task unless they are delegated such responsibility by the Director of Network Services.
2. Install and configure all switches and hubs.
3. Install all approved application software and their upgrades.
4. Approval of all requests for purchase of hardware, software and consulting services associated with DMH networking technology so that standards can be maintained throughout the agency.
5. Consult with local System Administrators and Executive Directors to analyze their center’s or facility’s needs and make recommendations to/for Network Services management.
6. Assist with the initial install of workstations and printers so as to teach the local System Administrators how to accomplish these tasks.
7. Assist the local System Administrator with LAN problems that they cannot resolve on their own.
8. Maintain the Department’s e-mail system.
9. Managing the Netware Directory Services. All additions, deletions, and changes to the NDS require appropriate NDS authorization forms to be completed and submitted to Network Services by the local System Administrators.
10. Planning the architecture of the wide/local area network. Approving proposals for changes to the architecture of the wide/local area networks.
11. Operation of a Response Line to assist LAN administrators when problems can't be resolved locally and must be escalated. Support is provided to local System Administrators Monday - Friday (8:00AM-5:00PM).
12. Install all patches and updates to the Novell and Microsoft servers.
Responsibilities of the IRM Network Services Staff continued:
13. Installation of ISDN / Frame Relay communications devices in the CMHCs.
14. Designation of any hardware or software which is to be standardized across the entire Department.
15. Issuance of standards that specify required configurations on workstations.
16. Installation of new local area networks (unless this responsibility has been delegated by the Network Services Director to LAN administrators).
17. Support all approved office automation software (Word, Excel, Access, Powerpoint, GroupWise, Hostexplorer, ArcServe, Norton Virus Protection, Netware, Microsoft NT Server, Microsoft 2000 Workstation, Registrar, and Internet Explorer) including connectivity software for the Mainframe and UNIX.
IRM Network Services Staff are not responsible for:
1. Supporting Mainframe/UNIX Programs
2. Training the end users in the use of application software.
3. Initial contact for user problems.
4. Day to day LAN administration (such as adding users, printers, groups, shared directories, doing daily backups, testing backups, etc...).
5. Install or support stand alone PC’s.
Responsibilities of the Local LAN Administratorstc \l2 "Responsibilities of the Local LAN Administrators
1. Maintenance of file servers when so authorized by Network Services. Local LAN administrators are prohibited from undertaking this task unless they are delegated such responsibility by Network Services.
2. Installation and maintenance of LAN workstations and printers. Should assist with LAN/WAN infrastructure.
4. Provision of end user support and education for Network Services applications software. Should utilize the DMH Training Center for educational support.
5. Resolution of printer problems.
6. Liaison with Network Services.
7. Troubleshoot and resolve problems with LANs.
8. Day to day LAN Administration such as adding users, printers, groups, shared directories and daily backups.
9. Installation of new microcomputers and loading applications software onto workstations. (Configurations on workstations are to conform to SCDMH standards).
10. File server backups and all data.
File Server Backup responsibilities
1. It is the responsibility of the SA to backup the entire file system of each file server.
2. It is the responsibility of the SA to use an ArcServe Autopilot backup job to backup each server’s entire file system. Autopilot jobs, along with 21 tapes, ensure preservation of data for 1 year.
3. It is the responsibility of the SA to use the tapeback user to create and submit the Autopilot backup job for each file server.
4. If the tapeback’s user password in ever changed, it is the responsibility of the SA to change the backup job and re-submit it to reflect the changed password. The SA is also responsible for notifying Network Services of the changed password.
5. It is the responsibility of the SA to print, verify, and maintain reports each day to ensure successful backups of the file servers are maintained appropriately. Autopilot job, along with 21 tapes, preserves data for 1 year; therefore reports are to be maintained for 1 year.
6. It is the responsibility of the SA to provide offsite storage of tapes used for file server backups.
7. It is the responsibility of the SA to notify Network Services immediately when backup problems or questions surface.
8. Network Services is in no way responsible for lost data on the file servers.
Minimum Training Standards for System Administratorstc \l2 "Minimum Training Standards for System Administrators
Local Administrators are required to attend at least Novell’s NetWare Administration class at IKON or New Horizons and the NetWare Administration introduction class provided by the DMH training center. All administration functions on the Servers will be provided by the Network Services Staff until this training has been completed by the Local System Administrator. This is to ensure up time as well as protect the integrity of the Wide Area Network.
Recommended Additional Training for LAN Administrators
Local System Administrators are encouraged to acquire as much Novell NetWare training and Application specific training as possible. The Novell’s Certified Network Engineer Education Track is strongly recommended, also any training available on the Workstation operating system. Training in the Corel Office Suite and GroupWise software should be attended as well. The application training is available through the DMH training center.
Network Services Forms
The following forms are used by Network Services to maintain the network.
User Authorization Form
Used to ensure all aspects of the User Identification is complete and that only authorized users are entered into the system. Failure to complete all required fields on the form may cause problems as we upgrade to new versions of the network operating system.
Department ID’s
Used to ensure printers, print queues, and print server information is complete and that standard naming conventions are used. This helps during troubleshooting and provides a logical layout for the network.
DP65's
Used to ensure applications are used by authorized individuals
Shared Directory Authorization Form
Used to create shared directories when two or more people need access to the same files.
Network Security Request Form
This file was added due to Internet request being taken off the DP 65. It will also help control needed network information.
Internet Use Policy
Information and agreement for the use of the Internet.